Updated on 2023-12-05 GMT+08:00

Enterprise-owned Authentication System

Scenarios

You can configure the interconnection with an enterprise authentication system so that end users can use the system to perform secondary authentication when logging in to a cloud desktop using accounts and passwords through Workspace.

Prerequisites

  • You have purchased a cloud desktop.
  • The network between the customer data center that hosts the enterprise authentication server and the VPC has been configured by referring to Getting Started of Direct Connect or What's New of Virtual Private Network.

    A random port has been enabled on the cloud desktop to connect to the third-party service plane. If the cloud desktop is also interconnected with the Windows AD, ensure that the Windows AD port does not conflict with the port of the authentication server.

  • The following information about the enterprise authentication server has been obtained:
    • (Optional) Domain name of the authentication server
    • Authentication server IP address
    • Access key (AK) of the authentication server
    • Secret access key (SK) of the authentication server
    • SSL/TLS certificate file in PEM or CER format of the authentication server

Use Restrictions

The emergency mode is disabled.

The emergency mode is disabled by default.

If the emergency mode is enabled, multi-factor authentication cannot be used. Submit a service ticket to obtain the emergency mode status of the current tenant and disable the emergency mode as required. For details, see Submitting a Service Ticket.

Procedure

  1. Log in to the management console.
  2. Click Tenant Configuration.

    The Tenant Configuration page is displayed.

  3. Under Multi-factor authentication configuration, select Enable for Virtual MFA.

    Figure 1 Enabling virtual MFA

  4. Click OK.
  5. Click Amend next to Authentication server, as shown in Figure 2. The page for modifying multi-factor authentication configuration is displayed.

    Figure 2 Modifying an authentication server

  6. Configure parameters by referring to Table 1.

    Table 1 Parameters for interconnecting with an enterprise authentication system

    | Parameter | Description | Example Value |
    |---|---|---|
    | Authentication server | Select Interconnection with enterprise authentication system. | Interconnection with enterprise authentication system |
    | Access mode | Set this parameter based on the network mode of the user's authentication server. If only the public network is accessible, select Internet. If only the private network is accessible, select Dedicated. | Internet |
    | Server address | Enter the IP address of the enterprise authentication server prepared in Prerequisites. If Access mode is set to Internet, enter the domain name of the enterprise authentication server. | 192.168.0.0 |
    | APP ID | Enter the AK of the enterprise authentication server prepared in Prerequisites. The AK can contain a maximum of 24 characters. | - |
    | APP Secret | Enter the SK of the enterprise authentication server prepared in Prerequisites. The SK can contain a maximum of 128 characters. | - |
    | SSL/TLS Certificate | 1. Click Certificate Upload and select the SSL/TLS certificate of the enterprise authentication server prepared in Prerequisites. 2. Click Open. | - |

  7. Click OK.

    End users are then authenticated by the enterprise's own authentication system and do not need to bind devices. For details, see Logging In to a Desktop Using an SC, Logging In to a Desktop Using a TC, and Logging In to a Desktop Using a Mobile Terminal.
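A pre-upload check of the Table 1 values, added here as an example and not part of the Workspace product or its documentation: it applies the AK/SK length limits and the access-mode rule for Server address, rejects a certificate file that also carries a private key, and returns a SHA-256 fingerprint to compare with the one reported by the authentication server's administrator. The function names, the sample bytes, and the reading that Dedicated mode takes an IP address are assumptions.

```python
import hashlib
import ipaddress
import re
import ssl

PEM_CERT = re.compile(rb"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)

# Constructed placeholder bytes (not a real certificate), in both encodings.
SAMPLE_DER = b"\x30\x82\x00\x04demo"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER).encode("ascii")


def check_certificate(data):
    """Return (SHA-256 hex of the DER bytes, list of problems) for an upload candidate."""
    problems = []
    if b"PRIVATE KEY-----" in data:
        problems.append("file contains a private key; upload the certificate only")
    blocks = PEM_CERT.findall(data)
    if blocks:  # PEM, or a text-encoded .cer
        der = ssl.PEM_cert_to_DER_cert(blocks[0].decode("ascii"))
    else:       # assumed to be binary DER, the other common .cer encoding
        der = data
    if der[:1] != b"\x30":  # every X.509 certificate starts with a DER SEQUENCE tag
        problems.append("not a PEM or DER certificate")
    return hashlib.sha256(der).hexdigest(), problems


def check_settings(access_mode, server_address, app_id, app_secret, cert_bytes):
    """Check Table 1 values; returns (certificate fingerprint, list of problems)."""
    problems = []
    try:
        ipaddress.ip_address(server_address)
        is_ip = True
    except ValueError:
        is_ip = False
    if access_mode not in ("Internet", "Dedicated"):
        problems.append("Access mode must be Internet or Dedicated")
    elif access_mode == "Internet" and is_ip:
        problems.append("Internet access mode expects a domain name")
    elif access_mode == "Dedicated" and not is_ip:
        problems.append("Dedicated access mode expects an IP address")
    if not 0 < len(app_id) <= 24:
        problems.append("APP ID (AK) must be 1 to 24 characters")
    if not 0 < len(app_secret) <= 128:
        problems.append("APP Secret (SK) must be 1 to 128 characters")
    fingerprint, cert_problems = check_certificate(cert_bytes)
    return fingerprint, problems + cert_problems
```

The leading-byte test only confirms the file looks like a DER-encoded certificate; it does not validate the chain, subject, or expiry.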